Opened 4 years ago

Closed 4 years ago

#19799 closed defect (othersoftware)

Malwarebytes intermittently reports blocking an exploit when starting JOSM

Reported by: harg
Owned by: team
Priority: normal
Milestone:
Component: Core
Version:
Keywords: template_report
Cc:

Description

What steps will reproduce the problem?

  1. Launch JOSM on a system with Malwarebytes Premium installed

What is the expected result?

JOSM starts

What happens instead?

On about 50% of starts, Malwarebytes reports blocking an exploit. Detailed log contains this:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 14/09/2020
Protection Event Time: 20:44
Log File: a9311d80-f6c2-11ea-8599-107b4445a65b.json

-Software Information-
Version: 4.2.0.82
Components Version: 1.0.1036
Update Package Version: 1.0.29825
Licence: Premium

-System Information-
OS: Windows 10 (Build 18362.1016)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, C:\Users\<myUserName>\powershell -Command [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;[System.Net.WebRequest]::Create('https:\grca.nat.gov.tw').GetResponse(), Blocked, 0, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: Java
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Users\pcs3\powershell -Command [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;[System.Net.WebRequest]::Create('https:\grca.nat.gov.tw').GetResponse()
URL:

(end)

Please provide any additional information below. Attach a screenshot if possible.

URL:https://josm.openstreetmap.de/svn/trunk
Repository:UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b
Last:Changed Date: 2020-09-06 16:54:59 +0200 (Sun, 06 Sep 2020)
Build-Date:2020-09-07 01:30:48
Revision:17013
Relative:URL: ^/trunk

Identification: JOSM/1.5 (17013 en_GB) Windows 10 64-Bit
OS Build number: Windows 10 Pro 1909 (18363)
Memory Usage: 825 MB / 1820 MB (202 MB allocated, but free)
Java version: 1.8.0_202-b08, Oracle Corporation, Java HotSpot(TM) 64-Bit Server VM
Look and Feel: com.sun.java.swing.plaf.windows.WindowsLookAndFeel
Screen: \Display0 1920x1080 (scaling 1.0x1.0)
Maximum Screen Size: 1920x1080
Best cursor sizes: 16x16 -> 32x32, 32x32 -> 32x32

Plugins:
+ AddrInterpolation (35405)
+ DirectDownload (35248)
+ apache-commons (35524)
+ apache-http (35092)
+ buildings_tools (35500)
+ imagery_offset_db (35405)
+ javafx-windows (35458)
+ jna (35092)
+ notesolver (0.3.2)
+ terracer (35499)
+ turnrestrictions (35515)
+ utilsplugin2 (35487)

Tagging presets:
+ https://josm.openstreetmap.de/josmfile?page=Presets/Addr2&zip=1

Map paint styles:
- https://josm.openstreetmap.de/josmfile?page=Styles/Fixme&zip=1
+ <josm.pref>\custom\bigFixmeNodes.mapcss
- <josm.pref>\custom\redHouseNumbers.mapcss

Last errors/warnings:
- 00025.328 E: Failed to locate image 'error_small.png'
- 00025.329 W: Mappaint style "standard" (BigFixmeNodes) icon "error_small.png" not found.

Attachments (0)

Change History (1)

comment:1 by stoecker, 4 years ago

Resolution: othersoftware
Status: new → closed

Report to Malwarebytes, not us. Yes, we call powershell in the source.
